package com.ruifight.web.controller;

import com.ruifight.core.entity.JSONResult;
import com.ruifight.core.entity.Result;
import com.ruifight.core.util.ApplicationUtils;
import com.ruifight.web.model.User;
import com.ruifight.web.model.UserInfo;
import com.ruifight.web.security.PermissionSign;
import com.ruifight.web.security.RoleSign;
import com.ruifight.web.service.UserInfoService;
import com.ruifight.web.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.validation.Valid;

/**
 * 用户控制器
 * 
 * @author StarZou
 * @since 2014年5月28日 下午3:54:00
 **/
@Controller
@RequestMapping(value = "/user")
public class UserController extends BaseController{

    @Resource
    private UserInfoService userInfoService;

    /**
     * 用户登录
     *
     * @return
     */
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public ModelAndView login(UserInfo userInfo) {
        String a= ApplicationUtils.md5Hex(userInfo.getUserPassword());
        userInfo.setUserPassword(a);
        UserInfo userInfoa = userInfoService.find(userInfo);
        ModelAndView mav =new ModelAndView("index");
        if(null !=userInfoa)
        {
            session.setAttribute("userInfo",userInfoa);
        }
        else
        {
            mav =new ModelAndView("redirect:/user/logout.html");
        }
        return mav;
    }

    /**
     * 用户登出
     * 
     * @param session
     * @return
     */
    @RequestMapping(value = "/logout", method = RequestMethod.GET)
    public String logout(HttpSession session) {
        session.removeAttribute("userInfo");
        // 登出操作
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "login";
    }
    @RequestMapping(value = "/sigin" , method = RequestMethod.POST)
    @ResponseBody
    public Result sigin(UserInfo userInfo)
    {
        Result j =new Result();
        boolean a = true;
        if(userInfoService.add(userInfo)==0)
        {
            a=false;
        }
        j.setSuccess(a);
        return j;
    }
    /**
     * 基于角色 标识的权限控制案例
     */
    @RequestMapping(value = "/admin")
    @ResponseBody
    @RequiresRoles(value = RoleSign.ADMIN)
    public String admin() {
        return "拥有admin角色,能访问";
    }

    /**
     * 基于权限标识的权限控制案例
     */
    @RequestMapping(value = "/create")
    @ResponseBody
    @RequiresPermissions(value = PermissionSign.USER_CREATE)
    public String create() {
        return "拥有user:create权限,能访问";
    }
}
